postgresql and postgresql db: fix the letsencrypt configuration, new default version.

2019-12-12 13:53:24 +01:00 · 2019-12-12 13:53:24 +01:00 · b585baee9b
parent a2ac312217
commit b585baee9b
3 changed files with 5 additions and 12 deletions
--- a/library/roles/postgresql-db/defaults/main.yml
+++ b/library/roles/postgresql-db/defaults/main.yml
@ -1,6 +1,6 @@
 ---
 psql_db_port: 5432
-psql_version: 9.6
+psql_version: 11
 psql_conf_dir: '/etc/postgresql/{{ psql_version }}/main'
 psql_force_ssl_client_connection: False

--- a/library/roles/postgresql/defaults/main.yml
+++ b/library/roles/postgresql/defaults/main.yml
@ -12,7 +12,7 @@ psql_pgpool_pkg_state: installed
 #
 # See the features matrix here: http://www.postgresql.org/about/featurematrix/
 #
-psql_version: 10
+psql_version: 11
 psql_db_host: localhost
 psql_db_port: 5432
 psql_db_size_w: 150000000
@ -66,7 +66,7 @@ postgresql_letsencrypt_managed: '{{ psql_enable_ssl }}'
 psql_ssl_privkey_global_file: '/var/lib/acme/live/{{ ansible_fqdn }}/privkey'
 psql_ssl_privkey_file: /etc/pki/postgresql/postgresql.key
 psql_ssl_cert_file: '/var/lib/acme/live/{{ ansible_fqdn }}/cert'
-psql_ssl_ca_file: '/var/lib/acme/live/{{ ansible_fqdn }}/chain'
+psql_ssl_ca_file: '/var/lib/acme/live/{{ ansible_fqdn }}/fullchain'
 psql_conf_ssl_parameters: 
  - { name: 'ssl', value: 'true' }
  - { name: 'ssl_cert_file', value: '{{ psql_ssl_cert_file }}' }
--- a/library/roles/postgresql/files/postgresql-letsencrypt-acme.sh
+++ b/library/roles/postgresql/files/postgresql-letsencrypt-acme.sh
@ -12,23 +12,16 @@ DATE=$( date )
 [ ! -d $LE_LOG_DIR ] && mkdir $LE_LOG_DIR
 echo "$DATE" >> $LE_LOG_DIR/postgresql.log

-if [ -f /etc/default/letsencrypt ] ; then
-    . /etc/default/letsencrypt
-else
-    echo "No letsencrypt default file" >> $LE_LOG_DIR/postgresql.log
-fi
-
 echo "Copy the key file" >> $LE_LOG_DIR/postgresql.log
 cp ${LE_CERTS_DIR}/privkey  ${POSTGRESQL_KEYFILE}
 chmod 440 ${POSTGRESQL_KEYFILE}
 chown root ${POSTGRESQL_KEYFILE}
 chgrp postgres ${POSTGRESQL_KEYFILE}

+# We assume we are dealing with postgresql 10 or later
 echo "Restart the postgresql service" >> $LE_LOG_DIR/postgresql.log
 if [ -x /bin/systemctl ] ; then
-    systemctl restart postgresql >> $LE_LOG_DIR/postgresql.log 2>&1
-else
-    service postgresql restart >> $LE_LOG_DIR/postgresql.log 2>&1
+    systemctl reload postgresql >> $LE_LOG_DIR/postgresql.log 2>&1
 fi

 echo "Done." >> $LE_LOG_DIR/postgresql.log